Commit e2d9e371 authored by Achilleas Pipinellis's avatar Achilleas Pipinellis

Merge branch 'docs/permissions' into 'master'

Update permissions docs

Closes #45222

See merge request gitlab-org/gitlab-ce!19858
parents f2e90bc2 bf817b3b
...@@ -51,6 +51,9 @@ The following table depicts the various user permission levels in a project. ...@@ -51,6 +51,9 @@ The following table depicts the various user permission levels in a project.
| See a container registry | | ✓ | ✓ | ✓ | ✓ | | See a container registry | | ✓ | ✓ | ✓ | ✓ |
| See environments | | ✓ | ✓ | ✓ | ✓ | | See environments | | ✓ | ✓ | ✓ | ✓ |
| See a list of merge requests | | ✓ | ✓ | ✓ | ✓ | | See a list of merge requests | | ✓ | ✓ | ✓ | ✓ |
| Manage related issues **[STARTER]** | | ✓ | ✓ | ✓ | ✓ |
| Lock issue discussions | | ✓ | ✓ | ✓ | ✓ |
| Lock merge request discussions | | | ✓ | ✓ | ✓ |
| Create new environments | | | ✓ | ✓ | ✓ | | Create new environments | | | ✓ | ✓ | ✓ |
| Stop environments | | | ✓ | ✓ | ✓ | | Stop environments | | | ✓ | ✓ | ✓ |
| Manage/Accept merge requests | | | ✓ | ✓ | ✓ | | Manage/Accept merge requests | | | ✓ | ✓ | ✓ |
...@@ -76,11 +79,12 @@ The following table depicts the various user permission levels in a project. ...@@ -76,11 +79,12 @@ The following table depicts the various user permission levels in a project.
| Edit project | | | | ✓ | ✓ | | Edit project | | | | ✓ | ✓ |
| Add deploy keys to project | | | | ✓ | ✓ | | Add deploy keys to project | | | | ✓ | ✓ |
| Configure project hooks | | | | ✓ | ✓ | | Configure project hooks | | | | ✓ | ✓ |
| Manage runners | | | | ✓ | ✓ | | Manage Runners | | | | ✓ | ✓ |
| Manage job triggers | | | | ✓ | ✓ | | Manage job triggers | | | | ✓ | ✓ |
| Manage variables | | | | ✓ | ✓ | | Manage variables | | | | ✓ | ✓ |
| Manage pages | | | | ✓ | ✓ | | Manage GitLab Pages | | | | ✓ | ✓ |
| Manage pages domains and certificates | | | | ✓ | ✓ | | Manage GitLab Pages domains and certificates | | | | ✓ | ✓ |
| Remove GitLab Pages | | | | | ✓ |
| Manage clusters | | | | ✓ | ✓ | | Manage clusters | | | | ✓ | ✓ |
| Edit comments (posted by any user) | | | | ✓ | ✓ | | Edit comments (posted by any user) | | | | ✓ | ✓ |
| Switch visibility level | | | | | ✓ | | Switch visibility level | | | | | ✓ |
...@@ -90,6 +94,7 @@ The following table depicts the various user permission levels in a project. ...@@ -90,6 +94,7 @@ The following table depicts the various user permission levels in a project.
| Remove pages | | | | | ✓ | | Remove pages | | | | | ✓ |
| Force push to protected branches [^4] | | | | | | | Force push to protected branches [^4] | | | | | |
| Remove protected branches [^4] | | | | | | | Remove protected branches [^4] | | | | | |
| View project Audit Events | | | | ✓ | ✓ |
## Project features permissions ## Project features permissions
...@@ -127,17 +132,12 @@ and drag issues around. Read though the ...@@ -127,17 +132,12 @@ and drag issues around. Read though the
[documentation on Issue Boards permissions](project/issue_board.md#permissions) [documentation on Issue Boards permissions](project/issue_board.md#permissions)
to learn more. to learn more.
### File Locking permissions ### File Locking permissions **[PREMIUM]**
> Available in [GitLab Premium](https://about.gitlab.com/products/).
The user that locks a file or directory is the only one that can edit and push their changes back to the repository where the locked objects are located. The user that locks a file or directory is the only one that can edit and push their changes back to the repository where the locked objects are located.
Read through the documentation on [permissions for File Locking](https://docs.gitlab.com/ee/user/project/file_lock.html#permissions-on-file-locking) to learn more. Read through the documentation on [permissions for File Locking](https://docs.gitlab.com/ee/user/project/file_lock.html#permissions-on-file-locking) to learn more.
File Locking is available in
[GitLab Premium](https://about.gitlab.com/products/) only.
### Confidential Issues permissions ### Confidential Issues permissions
Confidential issues can be accessed by reporters and higher permission levels, Confidential issues can be accessed by reporters and higher permission levels,
...@@ -160,6 +160,12 @@ group. ...@@ -160,6 +160,12 @@ group.
| Remove group | | | | | ✓ | | Remove group | | | | | ✓ |
| Manage group labels | | ✓ | ✓ | ✓ | ✓ | | Manage group labels | | ✓ | ✓ | ✓ | ✓ |
| Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ |
| View private group epic **[ULTIMATE]** | | ✓ | ✓ | ✓ | ✓ |
| View internal group epic **[ULTIMATE]** | ✓ | ✓ | ✓ | ✓ | ✓ |
| View public group epic **[ULTIMATE]** | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create/edit group epic **[ULTIMATE]** | | ✓ | ✓ | ✓ | ✓ |
| Delete group epic **[ULTIMATE]** | | | | | ✓ |
| View group Audit Events | | | | | ✓ |
### Subgroup permissions ### Subgroup permissions
...@@ -194,6 +200,27 @@ will find the option to flag the user as external. ...@@ -194,6 +200,27 @@ will find the option to flag the user as external.
By default new users are not set as external users. This behavior can be changed By default new users are not set as external users. This behavior can be changed
by an administrator under **Admin > Application Settings**. by an administrator under **Admin > Application Settings**.
## Auditor users **[PREMIUM ONLY]**
>[Introduced][ee-998] in [GitLab Premium][eep] 8.17.
Auditor users are given read-only access to all projects, groups, and other
resources on the GitLab instance.
An Auditor user should be able to access all projects and groups of a GitLab instance
with the permissions described on the documentation on [auditor users permissions](https://docs.gitlab.com/ee/administration/auditor_users.html#permissions-and-restrictions-of-an-auditor-user).
[Read more about Auditor users.](https://docs.gitlab.com/ee/administration/auditor_users.html)
## Project features
Project features like wiki and issues can be hidden from users depending on
which visibility level you select on project settings.
- Disabled: disabled for everyone
- Only team members: only team members will see even if your project is public or internal
- Everyone with access: everyone can see depending on your project visibility level
## GitLab CI/CD permissions ## GitLab CI/CD permissions
GitLab CI/CD permissions rely on the role the user has in GitLab. There are four GitLab CI/CD permissions rely on the role the user has in GitLab. There are four
...@@ -263,16 +290,6 @@ for details about the pipelines security model. ...@@ -263,16 +290,6 @@ for details about the pipelines security model.
Since GitLab 8.15, LDAP user permissions can now be manually overridden by an admin user. Since GitLab 8.15, LDAP user permissions can now be manually overridden by an admin user.
Read through the documentation on [LDAP users permissions](https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/index.html#updating-user-permissions-new-feature) to learn more. Read through the documentation on [LDAP users permissions](https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/index.html#updating-user-permissions-new-feature) to learn more.
## Auditor users permissions
> Available in [GitLab Premium](https://about.gitlab.com/products/).
An Auditor user should be able to access all projects and groups of a GitLab instance
with the permissions described on the documentation on [auditor users permissions](https://docs.gitlab.com/ee/administration/auditor_users.html#permissions-and-restrictions-of-an-auditor-user).
Auditor users are available in [GitLab Premium](https://about.gitlab.com/products/)
only.
[^1]: On public and internal projects, all users are able to perform this action [^1]: On public and internal projects, all users are able to perform this action
[^2]: Guest users can only view the confidential issues they created themselves [^2]: Guest users can only view the confidential issues they created themselves
[^3]: If **Public pipelines** is enabled in **Project Settings > CI/CD** [^3]: If **Public pipelines** is enabled in **Project Settings > CI/CD**
...@@ -283,3 +300,5 @@ only. ...@@ -283,3 +300,5 @@ only.
[ce-18994]: https://gitlab.com/gitlab-org/gitlab-ce/issues/18994 [ce-18994]: https://gitlab.com/gitlab-org/gitlab-ce/issues/18994
[new-mod]: project/new_ci_build_permissions_model.md [new-mod]: project/new_ci_build_permissions_model.md
[ee-998]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/998
[eep]: https://about.gitlab.com/products/
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment